SQL update multiple rows with different values

Question

Edit: I've re-written my question to include more details:

Here's a snapshot of the code that produces the page of results from the database of users:

userdetails.php

$currenttechnicians = "SELECT * FROM ahsinfo ORDER BY FirstName";
$currenttechniciansresults = sqlsrv_query($conn,$currenttechnicians) or die("Couldn't     execut query");

while ($techniciandata=sqlsrv_fetch_array($currenttechniciansresults)){

echo "<tr align=center>";
echo "<td height=35 background=largebg.gif style=text-align: center valign=center>";

echo "<input type=hidden name=\"ID\" value=";
echo $techniciandata['ID'];
echo ">";
echo "<input type=textbox name=\"FirstName\" value=";
echo $techniciandata['FirstName'];
echo "> ";
echo "</td><td height=35 background=largebg.gif style=text-align: center valign=center>";
echo "<input type=textbox name=\"LastName\" value=";
echo $techniciandata['LastName'];
echo "> ";
echo "</td><td height=35 background=largebg.gif style=text-align: center valign=center>";
echo "<input type=textbox size=40 name=\"SIPAddress\" value=";
echo $techniciandata['SIPAddress'];
echo "> ";
echo "</td><td height=35 background=largebg.gif style=text-align: center valign=center>";
echo "<input type=textbox name=\"MobileNumber\" value=";
echo $techniciandata['MobileNumber'];
echo "> ";
echo "</td><td height=35 background=largebg.gif style=text-align: center valign=center>";

?>

Here's the code that handles the form submission: (again, just the SQL query that updates the database. I've removed the database connection string).

edituserdetails.php

<?PHP
//Add the new users details to the database
$edituser = " UPDATE ahsinfo SET FirstName='{$_POST['FirstName']}',     LastName='{$_POST['LastName']}', SIPAddress='{$_POST['SIPAddress']}',     MobileNumber='{$_POST['MobileNumber']}' WHERE ID='{$_POST['ID']}' ";
$editresult = sqlsrv_query($conn,$edituser) or die("Couldn't execute query to update     database");
?>

I'm trying to update the entire database (it's a small database) with any changes that a user makes on the userdetails.php page.

Strings must be encapsulated with either `'` or `"` – Ohgodwhy Jun 12 '14 at 01:29 — Ohgodwhy, Jun 12 '14 at 01:29

score 1 · Answer 1 · edited May 23 '17 at 12:13

1

You're missing quotes around your string values and used a curly brace instead of a bracket on one of your POST variables:

UPDATE ahsinfo 
SET FirstName="{$_POST['FirstName']}", 
    LastName="{$_POST['LastName']}", 
    EmailAddress="{$_POST['EmailAddress']}", 
    MobileNumber="{$_POST['MobileNumber']}" 
WHERE ID={$_POST['ID']}

You would have caught this if you checked for errors in your code.

FYI, you are wide open to SQL injections

edited May 23 '17 at 12:13

Community

1
1

answered Jun 12 '14 at 01:29

John Conde

217,595
99
455
496

1

Indeed it will. I need to get one eye off of the hockey game and focus on my syntax. – John Conde Jun 12 '14 at 01:31

SQL update multiple rows with different values

1 Answers1